Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-20 | CVE-2018-6960 | Improper Authentication vulnerability in VMWare Horizon Daas 7.0.0 VMware Horizon DaaS (7.x before 8.0.0) contains a broken authentication vulnerability that may allow an attacker to bypass two-factor authentication. | 8.8 |
| 2018-04-19 | CVE-2018-0238 | Improper Authentication vulnerability in Cisco Unified Computing System Director 6.5(0.0)/6.5(0.1) A vulnerability in the role-based resource checking functionality of the Cisco Unified Computing System (UCS) Director could allow an authenticated, remote attacker to view unauthorized information for any virtual machine in the UCS Director end-user portal and perform any permitted operations on any virtual machine. | 9.9 |
| 2018-04-18 | CVE-2018-7760 | Improper Authentication vulnerability in Schneider-Electric products An authorization bypass vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. | 9.8 |
| 2018-04-18 | CVE-2016-10434 | Improper Authentication vulnerability in Qualcomm SD 820 Firmware and SD 820A Firmware In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 820 and SD 820A, the input to RPMB write response function is a buffer from HLOS that needs to be authenticated (using HMAC) and then processed. | 7.5 |
| 2018-04-17 | CVE-2017-2871 | Improper Authentication vulnerability in Foscam C1 Firmware 2.52.2.43 Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. | 8.8 |
| 2018-04-13 | CVE-2018-6547 | Improper Authentication vulnerability in Plays.Tv plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming Evolved products, contains an HTTP message parsing function that takes a user-defined path and writes non-user controlled data as SYSTEM to the file when the extract_files parameter is used. | 9.1 |
| 2018-04-13 | CVE-2018-6546 | Improper Authentication vulnerability in Plays.Tv plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming Evolved products, executes code at a user-defined (local or SMB) path as SYSTEM when the execute_installer parameter is used in an HTTP message. | 9.8 |
| 2018-04-13 | CVE-2017-0356 | Improper Authentication vulnerability in multiple products A flaw, similar to to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin's use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters. | 9.8 |
| 2018-04-13 | CVE-2016-9646 | Improper Authentication vulnerability in multiple products ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla's CVE-2014-1572), which can be abused to lead to commit metadata forgery. | 5.3 |
| 2018-04-10 | CVE-2014-3999 | Improper Authentication vulnerability in Horde Ldap The Horde_Ldap library before 2.0.6 for Horde allows remote attackers to bypass authentication by leveraging knowledge of the LDAP bind user DN. | 8.1 |